我試圖在現有數據庫中匹配用戶名和密碼,並且在寫入SQL查詢時被困在那一點。SELECT WHERE sql查詢
String selectQuery = "SELECT * FROM "+ TABLE_NAME +" WHERE "+COLUMN_USERNAME + " = '"+usrname+"' AND "+COLUMN_PASSWD+" = '"+passwd+"' ";
//COLUMN_USERNAME is the column name which stores username COLUMN_PASSWD is column storing password
Cursor cursor = database.rawQuery(selectQuery, null);
你可以嘗試使用AccountManager一流爲宗旨:
Cursor cursor = db.rawQuery("Select " + dbh.name + dbh.pass
+ " from tablename where" +dbh.name +"="+ e1.getText().toString()+";", null);
這將導致SQL注入。 – 2013-05-04 07:38:43
好吧爲你祈禱 – Freak 2013-05-04 07:38:56